
Bea Weblogic Server vulnerabilities

146 known vulnerabilities affecting bea/weblogic_server.

Total CVEs: 146
CISA KEV: 0
Public exploits: 12
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 31, MEDIUM 92, LOW 16

Vulnerabilities

Page 7 of 8
CVE-2006-2467 | P4 | MEDIUM | CVSS 4.0 | affects v6.1, v7.0, +1 more | 2006-05-19
BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic Server Administration Console, which allows remote authenticated administrators to determine the address.
Source: nvd

CVE-2004-1757 | P4 | MEDIUM | CVSS 4.6 | affects v6.1, v7.0, +1 more | 2004-12-31
BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.
Source: nvd

CVE-2006-2468 | P4 | MEDIUM | CVSS 4.0 | affects v7.0, v8.1 | 2006-05-19
The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console login form, which allows remote attackers to obtain sensitive information.
Source: nvd

CVE-2006-2472 | P4 | MEDIUM | CVSS 4.9 | affects v6.1, v7.0, +3 more | 2006-05-19
Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys.
Source: nvd

CVE-2003-1095 | P4 | MEDIUM | CVSS 4.6 | affects v7.0, v7.0.0.1 | 2003-03-18
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.
Source: nvd

CVE-2004-0712 | P4 | MEDIUM | CVSS 4.6 | affects v8.1 | 2004-07-27
The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.
Source: nvd

CVE-2006-2464 | P4 | MEDIUM | CVSS 4.6 | affects v7.0, v8.1 | 2006-05-19
stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display.
Source: nvd

CVE-2003-1438 | P4 | MEDIUM | CVSS 4.3 | affects v5.1, v6.0, +3 more | 2003-12-31 | CWE-362
Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.
Source: nvd

CVE-2002-1030 | P4 | LOW | CVSS 2.6 | affects v5.1, v6.0, +2 more | 2002-10-04
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.
Source: nvd

CVE-2007-0413 | P4 | MEDIUM | CVSS 4.4 | affects ≤ 8.1, v8.1 | 2007-01-23
BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file.
Source: nvd

CVE-2003-1093 | P4 | MEDIUM | CVSS 4.6 | affects v6.1, v7.0, +1 more | 2003-12-31
BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException.
Source: nvd

CVE-2006-2466 | P4 | LOW | CVSS 2.6 | affects v7.0, v8.1 | 2006-05-19
BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."
Source: nvd

CVE-2003-1437 | P4 | LOW | CVSS 2.1 | affects v7.0, v7.0.0.1 | 2003-12-31
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
Source: nvd

CVE-2004-0471 | P4 | LOW | CVSS 2.1 | affects v7.0, v8.1 | 2004-07-07
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
Source: nvd

CVE-2003-1224 | P4 | LOW | CVSS 2.1 | affects v7.0, v7.0.0.1 | 2003-12-31
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.
Source: nvd

CVE-2006-0429 | P4 | LOW | CVSS 2.1 | affects v9.0 | 2006-01-25
BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions.
Source: nvd

CVE-2003-1225 | P4 | LOW | CVSS 2.1 | affects v7.0, v7.0.0.1 | 2003-12-31
The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.
Source: nvd

CVE-2006-0427 | P4 | LOW | CVSS 2.1 | affects v8.1, v9.0 | 2006-01-25
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.
Source: nvd

CVE-2006-0432 | P4 | LOW | CVSS 2.1 | affects v9.0 | 2006-01-25
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources.
Source: nvd

CVE-2004-2321 | P4 | LOW | CVSS 2.1 | affects v8.1 | 2004-12-31
BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
Source: nvd